Administrative user shell input validation fault

Nokia Single RAN baseband software earlier than 24R1-SR 1.0 MP contains administrative shell input validation fault, which authenticated admin user can, in theory, potentially use for injecting arbitrary commands for unprivileged baseband OAM service process execution via special characters added to baseband internal COMA_config.xml file. This issue has been corrected starting from release 24R1-SR 1.0 MP and later, by adding proper input validation to OAM service process which prevents injecting special characters via baseband internal COMA_config.xml file.

N/A

N/A

Nokia Single RAN 安全漏洞

Nokia Single RAN是芬兰诺基亚（Nokia）公司的一个无线网络技术。 Nokia Single RAN 24R1-SR 1.0 MP之前版本存在安全漏洞，该漏洞源于输入验证不足，可能导致命令注入。

N/A

N/A